[ISN] Lincoln National Discloses Breach Of 1.2 Million Customers

From: InfoSec News <alerts_at_private>
Date: Fri, 15 Jan 2010 09:38:03 -0600 (CST)
http://www.darkreading.com/vulnerability_management/security/privacy/showArticle.jhtml?articleID=222301034

By Tim Wilson
DarkReading
Jan 14, 2010 

Lincoln National Corp. (LNC) last week disclosed a security 
vulnerability in its portfolio information system that could have 
compromised the account data of approximately 1.2 million customers.

In a disclosure letter (PDF) sent to the attorney general of New 
Hampshire Jan. 4, attorneys for the financial services firm revealed 
that a breach of the Lincoln portfolio information system had been 
reported to the Financial Industry Regulatory Authority (FINRA) by an 
unidentified source last August. The company was planning to issue 
notification to the affected customers on Jan. 6, the letter says.

The letter does not give technical details about the breach, but it 
indicates the unidentified source sent FINRA a username and password to 
the portfolio management system.

"This username and password had been shared among certain employees of 
[Lincoln Financial Services] and employees of affiliated companies," the 
letter says. "The sharing of usernames and passwords is not permitted 
under the LNC security policy."

FINRA declined to tell Lincoln whether the source of the username and 
password was a current employee or some other party, according to the 
letter. 

[...]


________________________________________ 
Did a friend send you this? From now on, be the 
first to find out! Subscribe to InfoSec News 
http://www.infosecnews.org
Received on Fri Jan 15 2010 - 07:38:03 PST

This archive was generated by hypermail 2.2.0 : Fri Jan 15 2010 - 07:42:06 PST